CVE-2012-2330

Severity Score

6.4

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The Update method in src/node_http_parser.cc in Node.js before 0.6.17 and 0.7 before 0.7.8 does not properly check the length of a string, which allows remote attackers to obtain sensitive information (request header contents) and possibly spoof HTTP headers via a zero length string.

El método de actualización (Update) en src/node_http_parser.cc en Node.js antes de v0.6.17 y v0.7 antes de v0.7.8 no comprueba correctamente la longitud de una cadena, lo que permite a atacantes remotos obtener información sensible (contenidos del encabezado de la solicitud) y, posiblemente, HTTP falsear cabeceras a través de una cadena de longitud cero.

*Credits: N/A

CVSS Scores

NISTv2 6.4

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-04-19 CVE Reserved
2012-08-13 CVE Published
2024-08-06 CVE Updated
2024-08-06 First Exploit
2024-09-01 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-20: Improper Input Validation

CAPEC

References (7)

URL	Tag	Source
http://blog.nodejs.org/2012/05/04/version-0-6-17-stable	X_refsource_confirm
http://www.openwall.com/lists/oss-security/2012/05/08/4	Mailing List
http://www.openwall.com/lists/oss-security/2012/05/08/8	Mailing List
https://support.f5.com/csp/article/K99038439?utm_source=f5support&amp%3Butm_medium=RSS	X_refsource_confirm

URL	Date	SRC
https://github.com/joyent/node/commit/7b3fb22	2024-08-06
https://github.com/joyent/node/commit/c9a231d	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/49066	2023-02-13

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nodejs Search vendor "Nodejs"		Nodejs Search vendor "Nodejs" for product "Nodejs"				<= 0.6.16 Search vendor "Nodejs" for product "Nodejs" and version " <= 0.6.16"		-		Affected
Nodejs Search vendor "Nodejs"		Nodejs Search vendor "Nodejs" for product "Nodejs"				0.7.0 Search vendor "Nodejs" for product "Nodejs" and version "0.7.0"		-		Affected
Nodejs Search vendor "Nodejs"		Nodejs Search vendor "Nodejs" for product "Nodejs"				0.7.1 Search vendor "Nodejs" for product "Nodejs" and version "0.7.1"		-		Affected
Nodejs Search vendor "Nodejs"		Nodejs Search vendor "Nodejs" for product "Nodejs"				0.7.2 Search vendor "Nodejs" for product "Nodejs" and version "0.7.2"		-		Affected
Nodejs Search vendor "Nodejs"		Nodejs Search vendor "Nodejs" for product "Nodejs"				0.7.3 Search vendor "Nodejs" for product "Nodejs" and version "0.7.3"		-		Affected
Nodejs Search vendor "Nodejs"		Nodejs Search vendor "Nodejs" for product "Nodejs"				0.7.4 Search vendor "Nodejs" for product "Nodejs" and version "0.7.4"		-		Affected
Nodejs Search vendor "Nodejs"		Nodejs Search vendor "Nodejs" for product "Nodejs"				0.7.5 Search vendor "Nodejs" for product "Nodejs" and version "0.7.5"		-		Affected
Nodejs Search vendor "Nodejs"		Nodejs Search vendor "Nodejs" for product "Nodejs"				0.7.6 Search vendor "Nodejs" for product "Nodejs" and version "0.7.6"		-		Affected
Nodejs Search vendor "Nodejs"		Nodejs Search vendor "Nodejs" for product "Nodejs"				0.7.7 Search vendor "Nodejs" for product "Nodejs" and version "0.7.7"		-		Affected